McGuireWoods LLP (JD Supra France)
CNIL vs. Google: 10 lessons from the largest data protection fine ever issued Part Two
Welcome back to our two-part series examining CNIL vs. Google: 10 lessons from the largest data protection fine ever issued. In this post we continue our analysis of CNIL vs. Google by taking a closer look at the additional lessons we can learn from this important decision.
CNIL vs. Google: 10 lessons from the largest data protection fine ever issued
In January 2019, the French data protection authority, CNIL (Commission Nationale de l’informatique et des libertés), announced that it had fined Google 57 million euros (approximately £44 million or USD$65 million) for breaching the EU’s General Data Protection Regulation (GDPR) through its use of targeted advertising.
France: Pragmatism and Flexibility for the GDPR Implementation
The GDPR (General Data Protection Regulation) will be applicable as of May 25, 2018. The (high) level of penalties under the GDPR will become one of the core issues for companies. Indeed the GDPR is based on the European fundamental rights to privacy and data protection and could potentially apply outside the European Union.
Awaiting the Finale: France’s Debate Over Its New Anti-Corruption Law
France will soon change the anti-corruption landscape with a new law aimed at reducing foreign bribery. Finance Minister Michel Sapin introduced the new law in July 2015 with hopes of aligning France’s efforts with those of the U.S., UK, and other countries. The draft law was formally introduced in March 2016, but it has since been revised by the French Parliament in many subtle but albeit...
French Data Protection Authority Sanctioned For Not Anonymizing A Decision
Even the French Data Protection Authority (CNIL – Commission Nationale de l’Information et des Libertés) can be sued for the violation of its own recommendations. Following is its recommendation regarding the anonymization of personal data on jurisprudence databases (deliberation n°01-0577 from the November 29, 2001).
The French Data Protection Authority Puts Google On Notice To Delist Domain Names Beyond Site’s EU Extensions
One, of course, recalls the May 13, 2014 decision of the Court of Justice of the European Union (CJEU) on the “right to be forgotten”. As a result, the French Data Protection Authority (CNIL – Commission Nationale de l’Informatique et des Libertés) received numerous complaints about Google not being willing to carry out the delisting. Of the 21 groundless refusals pointed out by the CNIL, Google...